CVE-2017-5259
8.8
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD
Description
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https://<device-ip-or-hostname>/adm/syscmd.asp.
Affected (5)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.3.2-r4 |
| Running on/with | Platform Versions |
|---|---|
Cambiumnetworks Cnpilot R190v | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.3.2-r4 |
| Running on/with | Platform Versions |
|---|---|
Cambiumnetworks Cnpilot E410 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.3.2-r4 |
| Running on/with | Platform Versions |
|---|---|
Cambiumnetworks Cnpilot R190n | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.3.2-r4 |
| Running on/with | Platform Versions |
|---|---|
Cambiumnetworks Cnpilot E400 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.3.2-r4 |
| Running on/with | Platform Versions |
|---|---|
Cambiumnetworks Cnpilot E600 | All versions |
Related CWEs
CWE-319
Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
CWE-489
Active Debug Code
The product is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.
References (2)
Source: cve@rapid7.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Timeline
No history available yet.